Comment by Ayesh

11 hours ago

You can find a docker-compose.yml file to get some idea.

Appears to be using MariaDB.

They shut down OCSP responders and expiry email reminders, so there really is no need to have a database apart from rate limits, auth data, and caching.

For Certificate Transparency, they are submitted to Google and CloudFlare run trees but I don't think LetsEncrypt run their own logs.

2 comments

Ayesh

mcpherrinm 8 hours ago

Let’s Encrypt does operate CT logs. I wrote a blog post about our current-generation logs at https://letsencrypt.org/2024/03/14/introducing-sunlight

nodesocket 11 hours ago

I assume they want to store metadata instead of having to pull from the certificates itself, but maybe that’s actually easier and more performant.